Описание
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:aver:eh6108h\+_firmware:x9.03.24.00.07l:*:*:*:*:*:*:*
cpe:2.3:h:aver:eh6108h\+:-:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00231
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.
EPSS
Процентиль: 46%
0.00231
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200